Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Work on customreports

Browse Source
This commit is contained in:
Laurent Destailleur 2024-02-26 20:11:55 +01:00
parent 5fc6dbdf2f
commit b4ea234b75
4 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
htdocs/core/class/html.form.class.php
View File

@ -8807,7 +8807,7 @@ class Form
}
$useenhancedmultiselect = 0;
if (!empty($conf->use_javascript_ajax) && (getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') || defined('REQUIRE_JQUERY_MULTISELECT'))) {
if (!empty($conf->use_javascript_ajax) && !defined('MAIN_DO_NOT_USE_JQUERY_MULTISELECT') && (getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') || defined('REQUIRE_JQUERY_MULTISELECT'))) {
if ($addjscombo) {
$useenhancedmultiselect = 1; // Use the js multiselect in one line. Possible only if $addjscombo not 0.
}
@ -8866,9 +8866,12 @@ class Form
if ($addjscombo == 1) {
$tmpplugin = !getDolGlobalString('MAIN_USE_JQUERY_MULTISELECT') ? constant('REQUIRE_JQUERY_MULTISELECT') : $conf->global->MAIN_USE_JQUERY_MULTISELECT;
$out .= 'function formatResult(record, container) {' . "\n";
// If property html set, we decode html entities and use this.
// If property data-html set, we decode html entities and use this.
// Note that HTML content must have been sanitized from js with dol_escape_htmltag(xxx, 0, 0, '', 0, 1) when building the select option.
$out .= ' if ($(record.element).attr("data-html") != undefined) { return htmlEntityDecodeJs($(record.element).attr("data-html")); }'."\n";
$out .= ' if ($(record.element).attr("data-html") != undefined && typeof htmlEntityDecodeJs === "function") {';
//$out .= ' console.log("aaa");';
$out .= ' return htmlEntityDecodeJs($(record.element).attr("data-html"));';
$out .= ' }'."\n";
$out .= ' return record.text;';
$out .= '}' . "\n";
$out .= 'function formatSelection(record) {' . "\n";
@ -8889,7 +8892,7 @@ class Form
}
$out .= ' dir: \'ltr\',
containerCssClass: \':all:\', /* Line to add class of origin SELECT propagated to the new <span class="select2-selection...> tag (ko with multiselect) */
dropdownCssClass: \'' . $morecss . '\', /* Line to add class on the new <span class="select2-selection...> tag (ok with multiselect) */
dropdownCssClass: \'' . $morecss . '\', /* Line to add class on the new <span class="select2-selection...> tag (ok with multiselect). Need full version of select2. */
// Specify format function for dropdown item
formatResult: formatResult,
templateResult: formatResult, /* For 4.0 */

6
htdocs/core/customreports.php
View File

@ -37,9 +37,6 @@ if (!defined('USE_CUSTOM_REPORT_AS_INCLUDE')) {
$tabfamily = GETPOST('tabfamily', 'aZ09');
$search_measures = GETPOST('search_measures', 'array');
if (empty($search_measures)) {
$search_measures = array(0 => 't.count');
}
//$search_xaxis = GETPOST('search_xaxis', 'array');
if (GETPOST('search_xaxis', 'alpha') && GETPOST('search_xaxis', 'alpha') != '-1') {
@ -86,6 +83,9 @@ if (!defined('USE_CUSTOM_REPORT_AS_INCLUDE')) {
}
}
if (empty($search_measures)) {
$search_measures = array(0 => 't.count');
}
if (!empty($object)) {
$objecttype = $object->element.($object->module ? '@'.$object->module : '');
}

4
htdocs/core/lib/ajax.lib.php
View File

@ -526,7 +526,9 @@ function ajax_combobox($htmlname, $events = array(), $minLengthToAutocomplete =
if ($(data.element).attr("data-html") != undefined) {
/* If property html set, we decode html entities and use this. */
/* Note that HTML content must have been sanitized from js with dol_escape_htmltag(xxx, 0, 0, \'\', 0, 1) when building the select option. */
return htmlEntityDecodeJs($(data.element).attr("data-html"));
if (typeof htmlEntityDecodeJs === "function") {
return htmlEntityDecodeJs($(data.element).attr("data-html"));
}
}
return data.text;
},

1
htdocs/main.inc.php
View File

@ -236,6 +236,7 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type, $stopcode = 1)
if ($stopcode) {
$errormessage = 'Access refused to '.htmlentities($ip, ENT_COMPAT, 'UTF-8').' by SQL or Script injection protection in main.inc.php:analyseVarsForSqlAndScriptsInjection type='.htmlentities($type, ENT_COMPAT, 'UTF-8');
//$errormessage .= ' paramkey='.htmlentities($key, ENT_COMPAT, 'UTF-8'); // Disabled to avoid text injection
$errormessage2 = 'page='.htmlentities((empty($_SERVER["REQUEST_URI"]) ? '' : $_SERVER["REQUEST_URI"]), ENT_COMPAT, 'UTF-8');
$errormessage2 .= ' paramkey='.htmlentities($key, ENT_COMPAT, 'UTF-8');